General
-
Target
pandabanker_2.2.8.vir
-
Size
231KB
-
Sample
200719-27d4kkw47s
-
MD5
dd6a9f311d3bd02e71a3b2f2e9edf616
-
SHA1
ff3d6bb29c56dbcb45daaa7dc6fff79829c94fbf
-
SHA256
4352a4309cb454aa6ba59932456f32dbfee4b0b5d998d954518dcff43ff8281b
-
SHA512
0a47e1e193c74d2b7c57b6c3745d2f535cae6bf33d55958b953911616b50df2e0285925589d2515bf36baa98b6526885bf8827c0e2558c2f2061e9981f8eafea
Malware Config
Targets
-
-
Target
pandabanker_2.2.8.vir
-
Size
231KB
-
MD5
dd6a9f311d3bd02e71a3b2f2e9edf616
-
SHA1
ff3d6bb29c56dbcb45daaa7dc6fff79829c94fbf
-
SHA256
4352a4309cb454aa6ba59932456f32dbfee4b0b5d998d954518dcff43ff8281b
-
SHA512
0a47e1e193c74d2b7c57b6c3745d2f535cae6bf33d55958b953911616b50df2e0285925589d2515bf36baa98b6526885bf8827c0e2558c2f2061e9981f8eafea
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Executes dropped EXE
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-